Based on example 4 at http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Timechart I'm trying to generate a timechart of site traffic plus commerce traffic (commerce means our URL matches /Commerce/) but commerce traffic isn't returning anything. I assume there's a problem with my use of eval(uri_path=...
This is the query:
sourcetype=access_combined | timechart count(eval(method="GET")) AS GETs, count(eval(uri_path="/Commerce/*")) AS Commerce
Any ideas what I'm doing wrong?